United notifies members of access gained to MileagePlus accounts

United said it has not been breached, but the airline is notifying MileagePlus members that an unauthorized party attempted to access their accounts beginning in early December 2014 using usernames and passwords obtained from a third-party source.

A United spokesperson told SCMagazine.com on Thursday that the unauthorized party was able to make mileage transactions on fewer than three dozen of United's 95 million MileagePlus accounts, and that affected accounts are being temporarily suspended.

According to a notification letter, the unauthorized party was able to obtain MileagePlus numbers, account balances and Premier statuses. While there is no indication that other data was accessed, information such as mailing addresses and the last four digits of credit card numbers could have been viewed.

Using the same credentials for multiple accounts enabled the incident, the spokesperson said, adding United is not the only company where attempts to access accounts were made.

[An earlier version of this story did not include the time period when attempted access to accounts began].

Techscape is SC Media’s content marketing platform. Industry experts share their views in the following categories

Partner Content is sponsored content brought to you by a vendor

SC Media arms cybersecurity professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.